CVE-2002-1048
CVSS7.5
发布时间 :2002-10-04 00:00:00
修订时间 :2008-09-05 16:29:38
NMCOES    

[原文]HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.


[CNNVD]HP JetDirect打印机SNMP GET获取管理员口令远程漏洞(CNNVD-200210-130)

        
        JetDirect打印机是一款惠普公司开发的集成网络功能的打印机。
        JetDirect打印机在应答SNMP READ请求时存在问题,远程攻击者可以利用这个漏洞获得HTTP和TELNET管理接口管理员口令信息。
        攻击者提交对.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0 SNMP变量的请求时,可导致JetDirect打印机返回以HEX编码的HTTP和TELNET管理接口访问口令,攻击者可以利用这些口令信息访问和更改打印机配置。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/h:hp:jetdirect:x.08.05
cpe:/h:hp:jetdirect:j3111a_rev._g.07.03
cpe:/h:hp:jetdirect:j3111a_rev._g.05.35
cpe:/h:hp:jetdirect:x.20.00
cpe:/h:hp:jetdirect:j3111a_rev._g.07.02
cpe:/h:hp:jetdirect:x.08.00
cpe:/h:hp:jetdirect:j3111a_rev._g.08.03
cpe:/h:hp:jetdirect:x.08.04
cpe:/h:hp:jetdirect:x.08.32
cpe:/h:hp:jetdirect:j3111a_rev._g.07.17
cpe:/h:hp:jetdirect:j3111a_rev._a.08.06
cpe:/h:hp:jetdirect:x.21.00
cpe:/h:hp:jetdirect:x.08.20

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1048
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1048
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-130
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/377003
(UNKNOWN)  CERT-VN  VU#377003
http://www.securityfocus.com/bid/5331
(VENDOR_ADVISORY)  BID  5331
http://www.iss.net/security_center/static/9693.php
(UNKNOWN)  XF  hp-jetdirect-snmp-read(9693)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0345.html
(VENDOR_ADVISORY)  BUGTRAQ  20020727 Phenoelit Advisory #0815 +-+

- 漏洞信息

HP JetDirect打印机SNMP GET获取管理员口令远程漏洞
高危 设计错误
2002-10-04 00:00:00 2005-10-20 00:00:00
远程  
        
        JetDirect打印机是一款惠普公司开发的集成网络功能的打印机。
        JetDirect打印机在应答SNMP READ请求时存在问题,远程攻击者可以利用这个漏洞获得HTTP和TELNET管理接口管理员口令信息。
        攻击者提交对.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0 SNMP变量的请求时,可导致JetDirect打印机返回以HEX编码的HTTP和TELNET管理接口访问口令,攻击者可以利用这些口令信息访问和更改打印机配置。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 改变缺省的SNMP口令,设置一个难以猜测的SNMP只读口令。
        厂商补丁:
        HP
        --
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://itrc.hp.com

- 漏洞信息 (22319)

HP JetDirect Printer SNMP JetAdmin Device Password Disclosure Vulnerability (EDBID:22319)
hardware remote
2003-03-03 Verified
0 Sven Pechler
N/A [点击下载]
HP JetDirect J2552A/J2552B/J2591A/J3110A/J3111A/J3113A/J3263A/300.0 X Printer SNMP JetAdmin Device Password Disclosure Vulnerability

source: http://www.securityfocus.com/bid/7001/info

A problem with JetDirect printers could make it possible for a remote user to gain administrative access to the printer.

It has been reported that HP JetDirect printers leak the web JetAdmin device password under some circumstances. By sending an SNMP GET request to a vulnerable printer, the printer will return the hex-encoded device password to the requester. This could allow a remote user to access and change configuration of the printer. 

C:\>snmputil get example.printer public .1.3.6.1.4.1.11.2.3.9.1.1.13.0 		

- 漏洞信息

2079
HP JetDirect Device SNMP Request Cleartext Admin Credential Disclosure
Cryptographic, Information Disclosure
Loss of Confidentiality

- 漏洞描述

A problem with older (e.g. J3263A, J2591A, 300.0 X) JetDirect printers could make it possible for a remote user to gain administrative access to the printer which could allow a remote user to access and change configuration of the printer.

- 时间线

2002-07-27 Unknow
Unknow Unknow

- 解决方案

Workaround solutions: - Ensure that the Web JetAdmin device password is empty - Define a 'Set community name' (other than 'public') Unaware of any vendor-supplied patches for this issue.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

HP JetDirect Printers SNMP Get Administrative Password Retrieval Vulnerability
Design Error 5331
Yes No
2002-07-27 12:00:00 2009-07-11 02:56:00
Vulnerability discovery credited to FX <fx@phenoelit.de> and kim0 <kim0@phenoelit.de>.

- 受影响的程序版本

HP JetDirect J3111A rev. G.08.03
HP JetDirect J3111A rev. G.07.17
HP JetDirect J3111A rev. G.07.03
HP JetDirect J3111A rev. G.07.02
HP JetDirect J3111A rev. G.05.35
HP JetDirect J3111A rev. A.08.06
HP JetDirect x.21.00
HP JetDirect x.20.00
HP JetDirect x.08.32
HP JetDirect x.08.20
HP JetDirect x.08.05
HP JetDirect x.08.04
HP JetDirect x.08.00

- 漏洞讨论

JetDirect printers are network-enabled printers distributed by Hewlett-Packard.

It has been reported that HP JetDirect printers leak the telnet and HTTP administrative password under some circumstances. By sending an SNMP READ request to a vulnerable printer, the printer will return the hex-encoded password to the requester. This could allow a remote user to access and change configuration of the printer.

- 漏洞利用

No exploit is required for this vulnerability.

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站